Cash Value of Android Zero-Day Exploits Surpasses iOS
Apple has long positioned itself as the more secure alternative to open platforms like Windows and Android, but that might no longer be the case. As previously unreported “zero-day” iOS exploits pile up, security researchers are seeing the cash value of such research fall. Zerodium, the largest purchaser of such flaws, has updated its bug bounty payments. Android exploits now command a maximum of $2.5 million, but iOS tops out at $2 million.
Last month, we reported on a series of iOS exploits uncovered by Google’s Project Zero. Google isn’t in the business of selling exploits, so it researched the scheme and reported it to Apple in a responsible manner. Google detected websites using multiple attack chains to steal data from almost all versions of iOS, and they were operating for at least two years.
Apple rolled out an update to iDevices that blocked those exploits, but you have to wonder how many more unreported attacks are floating around out there. The perpetrators of this hack weren’t even treating the exploits like a valuable commodity. They were hacking iPhone users indiscriminately when they could have been using targeted attacks against high-value targets. They might never have been caught going that route.
Zerodium buys exploits for big money so it can exclusively report the research and mitigation measures to its corporate and government clients. Zerodium founder and CEO Chaouki Bekrar says that the company still gets ample submissions for iOS exploits, mostly connected to Safari and iMessage. There are so many that the company has started turning down some offers from researchers. On the other hand, functional zero-click or one-click exploits for Android are increasingly rare, especially for versions 8.0 and later.
Given the state of the major operating systems, Zerodium decided it makes sense to assign a higher value to Android exploits. Zerodium doesn’t pay $2.5 million for just any Android hack, though. Researchers have to submit basic details of the hack first, and then wait on an offer from Zerodium. The $2.5 million top offer only applies to serious flaws in Android 8, 9, or 10. The lower $2 million maximum for iOS is still nothing to sneeze at: serious exploits for desktop systems top out at $1 million. Since mobile platforms were built more recently, they have more security features integrated at a low level. That makes them harder to hack than desktop operating systems.